From: David Goulet <dgoulet@torproject.org>
Date: Tue, 11 Feb 2020 14:56:44 +0000 (-0500)
Subject: dirauth: Add option AuthDirRejectRequestsUnderLoad
X-Git-Tag: tor-0.4.2.7~11^2^2~3
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=735aa208b1592e166d03ec96e90422293d26b98a;p=thirdparty%2Ftor.git

dirauth: Add option AuthDirRejectRequestsUnderLoad

This controls the previous feature added that makes dirauth send back a 503
error code on non relay connections if under bandwidth pressure.

Signed-off-by: David Goulet <dgoulet@torproject.org>
---

diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 1504223b89..c7c41e7841 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -2925,6 +2925,13 @@ on the public Tor network.
     before it will treat advertised bandwidths as wholly
     unreliable. (Default: 500)
 
+[[AuthDirRejectRequestsUnderLoad]] **AuthDirRejectRequestsUnderLoad** **0**|**1**::
+    If set, the directory authority will start rejecting directory requests
+    from non relay connections by sending a 503 error code if it is under
+    bandwidth pressure (reaching the configured limit if any). Relays will
+    always tried to be answered even if this is on. (Default: 1)
+
+
 HIDDEN SERVICE OPTIONS
 ----------------------
 
diff --git a/src/app/config/config.c b/src/app/config/config.c
index deda2448b6..89ec26f05c 100644
--- a/src/app/config/config.c
+++ b/src/app/config/config.c
@@ -671,6 +671,7 @@ static const config_var_t option_vars_[] = {
   OBSOLETE("UseNTorHandshake"),
   V(User,                        STRING,   NULL),
   OBSOLETE("UserspaceIOCPBuffers"),
+  V(AuthDirRejectRequestsUnderLoad, BOOL,  "1"),
   V(AuthDirSharedRandomness,     BOOL,     "1"),
   V(AuthDirTestEd25519LinkKeys,  BOOL,     "1"),
   OBSOLETE("V1AuthoritativeDirectory"),
diff --git a/src/app/config/or_options_st.h b/src/app/config/or_options_st.h
index 32dcd9fb18..e6be797017 100644
--- a/src/app/config/or_options_st.h
+++ b/src/app/config/or_options_st.h
@@ -1008,6 +1008,13 @@ struct or_options_t {
    */
   uint64_t MaxUnparseableDescSizeToLog;
 
+  /** Bool (default: 1): Under bandwidth pressure, if set to 1, the authority
+   * will always answer directory requests from relays but will start sending
+   * 503 error code for the other connections. If set to 0, all connections
+   * are considered the same and the authority will try to answer them all
+   * regardless of bandwidth pressure or not. */
+  int AuthDirRejectRequestsUnderLoad;
+
   /** Bool (default: 1): Switch for the shared random protocol. Only
    * relevant to a directory authority. If off, the authority won't
    * participate in the protocol. If on (default), a flag is added to the